An acquaintance of mine on Facebook casually announced earlier this week that she may have violated the Foreign Corrupt Practices Act. She didn’t state it that way, of course. Instead, her status update detailed the various people to whom she had to pay exorbitant “fees” and “tips” in order to get her visa to India processed and granted in a single day. She bragged about her ability to negotiate the demanded price lower by 30%.

She’s smart and educated. She graduated from an Ivy League school for her undergraduate degree; she earned an MBA from a top ten business school. She is diligent about keeping up with her required training. She might work for your company, and you would probably be thrilled to have her.

Maybe this acquaintance didn’t violate the FCPA. She definitely bribed the government official who approves visas. I suppose you could argue that what she paid was a facilitation fee. I don’t know the nature of her trip, so I would be speculating if I claimed that she was gaining some sort of business advantage in paying the extra fees. In any event, I don’t think that the DOJ or SEC will be pursuing her over the tiny potatoes this constitutes in the worst of circumstances.

I don’t claim to be innocent in this. I contemplated sending her a note, letting her know how her status update could be interpreted. I might have decided to do it, had she been a close friend, but she is an acquaintance, and so I remained silent. (You might do the same based on the looks on people’s faces at cocktail parties when they find out you work in compliance & ethics. It has become one of my favorite reasons to meet new people.)

It makes me wonder how long slippery slopes are. It makes me wonder whether, when we say behavior like this is ok, we set our employees up to fail on our behalf on stages that are magnitudes larger when our colleagues lack the judgment to do the right thing. And it makes me wonder how we can expect employees who observe questionable behavior to come forward when we spend so much time mired in the gray.

A couple of weeks ago, a senior technology executive called me and asked for compliance & ethics (C&E) advice. This happens more frequently than you might think – friends have questions that they’re too embarrassed or afraid to ask the C&E folks at their own companies, and so they end up calling me. For purposes of this post, we’ll call this friend “George.”

George’s question revolved around a conflict of interest disclosure that the internal audit folks at the company (which we’ll call “Acme”) where he works asked him to sign. The disclosure asked the signer of the document to certify that Acme had never had a business relationship with a services firm that we’ll refer to as “Nadir.” His choices were to check the box labeled “Yes, Acme has previously had a business relationship with Nadir,” or the box labeled “No, Acme has never had a business relationship with Nadir.”

George didn’t have the knowledge to affirmatively state that the company had never had a business relationship with the vendor in question. His instinct was to check the box for “Yes,” and then explain why he checked yes in a descriptive paragraph. Internal Audit was pressuring him to check “No,” saying that the disclosure form was a formality and that there would be no negative consequences to George if he just checked “Yes.”

Here’s the thing about my friends who have questions about C&E – when they pick up the phone and call me, they already know what the right thing to do is. All I do is confirm that for them. It got me to thinking, though, about the millions of employees out there with whom I am not friends. Whom do they call for advice? (I’m definitely not suggesting that they should all call me.)

George’s title at Acme is Executive Vice President. As an EVP, he felt what he considered to be undue pressure from internal audit to do the wrong thing. This is an assurance function that C&E normally thinks of as an ally. George felt empowered enough to pick up the phone to reassure himself to resist internal audit’s nudging. I wonder if our employees whose titles are something less senior than EVP feel empowered at all to fight back when someone tells them to do the wrong thing. On my pessimistic days, I think the answer is a resounding, “No.”

I had a conversation a few weeks ago with one of my favorite general counsel (GC), who has a more business-oriented view of compliance & ethics (C&E) than most people I talk to in the legal or C&E industries. She understands that it’s necessary to have a solid C&E program in place because you can’t demonstrate that an employee has gone rogue (as so many companies claim when something goes wrong) unless you can also demonstrate that the company took every opportunity it could to educate the employee and make him aware of its standards of business conduct.

She also recognizes, though, that while most CEOs would say that C&E is important, those same CEOs view C&E as a cost center that may or may not give a positive ROI. This GC views C&E as necessary hygiene but approaches it from the perspective that she wants to do just enough to be able to show that an employee has gone rogue and not much more.

When she said the word “hygiene,” I had the flash that C&E for a company is like oral hygiene for people. Stay with me here. Most people I know pay for dental insurance, get their teeth cleaned once a year (even though insurance will cover cleanings twice a year), and brush their teeth twice a day most of the time. They dread going to the dentist for any reason, including routine cleanings, and they think that these three things are enough to keep their mouths healthy.

For companies, dental insurance is the Code of Business Conduct, cleanings are the equivalent of yearly or biyearly Code training with the occasional mention from the CEO about the general importance of C&E, and brushing means designating a Chief Compliance & Ethics Officer (CCEO). My experience has been that most senior executives believe that this should be more than enough to keep the company out of trouble both proactively and in the event that the feds come looking for them.

This may be true. I’ve visited companies where, as startups, their cultures started based in integrity, and the cultures have grown as the companies have grown. In these cases, I could be persuaded that the natural tendencies and unspoken expectations around doing business the right way will be enough to protect the company in the future. At the very least, employees know to alert someone to problems so they can be mitigated.

But I’m a C&E nerd. It’s not the easiest industry to be in – people joke about ethics in troubling ways when you tell them what you do for a living. You can see the flashes of memories of potential misdeeds ripple across their faces when they check out for a moment. The industry has turned me into less of an optimist than I used to be, and it worries me that I’m don’t feel surprise anymore when a major act of misconduct hits the front page.

I’m also fervent believer in oral hygiene. I love going to the dentist. I go religiously every six months to have my teeth cleaned. I brush my teeth at least twice a day. What sets me apart from the general population, though, is that I floss every day, on occasion twice a day. I can talk about the benefits of flossing for a good ten minutes, which is about nine minutes and forty-five seconds longer that anyone really wants to hear about flossing. Dental insurance, cleanings, and daily brushing make up the bare minimum of what you need to do, in the absence of amazing oral hygiene genetics, to keep your teeth from rotting out of your head. Even then, there’s a limit to what the bare minimum can prevent from happening in your mouth.

Flossing is where the real work happens. People don’t do it for a variety of reasons. It’s gross, or it hurts. The primary reason I hear is that it’s a pain in the patootie. It’s too much trouble. People might recognize that there’s a positive ROI, but the R is a long way off and underestimated while the I is too big.

In the C&E context, flossing is the daily investment the company makes to thread C&E through its strategy, transactions, and water cooler conversations. And just like with flossing, companies may recognize that there’s a positive ROI, but the R is a long way off and underestimated while the I is too big.

We in C&E must get better at repositioning and recalculating the R to justify the I that we need to keep the teeth in our companies from rotting out. And just like with almost everything that we have to do in C&E, it’s so much easier to say and write than it is to do. Let me know if you’d like to talk about actual or figurative flossing, and maybe we can figure this out together.

A sinus infection wiped me out last week, but in between bouts of sniffling, coughing, aching, and sleeping, I watched Star Trek into Darkness. I realize that this makes me one of the last people on the planet to see it, and yes, I know I probably didn’t get the full effect at home instead of the theater. The two things that struck me hardest about the movie, though, related to the plot instead of the visual effects. [Warning: spoilers ahead.]

First, over the weekend, I stumbled across an interview with Peter Weller, who played Admiral Marcus in the film. Weller pointed out that audiences consider Captain Kirk to be the hero of the movie and Admiral Kirk one of the villains. This made him laugh because the captain, true to his character, disobeyed orders, flouted Starfleet regulations, and was generally insubordinate – a routine day at the office for Kirk. Admiral Marcus did his job as the head of Starfleet: he recognized a threat (approaching war with the Klingons), he created a strategy to minimize the threat, and then he executed his strategy, mostly within the bounds of Starfleet’s regulations (there is that pesky one about Starfleet not being a military organization but an exploratory one).

Second, there’s a scene in the movie when secret, mystery weapons appear at the hangar (or whatever the equivalent is called for spaceships) for loading onto the Enterprise. Scotty, the engineer, refuses to sign off without an inspection out of a sense of duty for the safety of the ship. Kirk cajoles him to skip the inspection, sign the paper, and allow the torpedoes on board. Scotty continues in his refusal, growing more agitated that the engineer of a ship would not be allowed to inspect such dangerous cargo. Kirk devolves into threatening Scotty, and so Scotty quits his job rather than be party to something that he knows would be wrong.

For a summer blockbuster, Star Trek into Darkness packed a lot of compliance & ethics into its entertainment. We got two whistleblowers in 132 minutes in a movie about space exploration. Both Kirk and Scotty end up being heroes at the end of the movie – good news, and good for our cause in C&E. I suspect, though, that employees face situations like the ones faced by Kirk and Scotty every day, but they don’t stand up the way Kirk and Scotty did. It’s not that our employees lack moral courage. I think it’s that they see that their own movies could go in other ways, that they may not get happy endings. Kirk died. Scotty drowned his sorrows and his outrage in alcohol. If the movie had been something other than Star Trek, or a summer blockbuster, if it had been a drama released in December, Kirk probably would have stayed dead, and we’d find Scotty in increasingly worse bars until he became a shadow of himself who lost all his friends and family. Employees who observe serious misconduct suspect that the latter is the movie that they’re in. As a result, they fear coming forward. It’s up to us in C&E to rewrite the drama script to be a summer blockbuster with a happy ending.

Yesterday I led a workshop at the Ethics and Compliance Officer Association’s (ECOA’s) Annual Ethics and Compliance Conference (AECC) outside of Chicago. The title of the workshop was “Beyond E-mail: Compliance and Ethics (C&E) Communications for a Global, Distributed Audience (or How Do I Communicate with People Who Don’t Have Access to Computers or Who Don’t Speak English as Their Primary Language). It’s a long title, I know, but it completely captures a topic that we struggle with in C&E. We’re very comfortable with the effectiveness of our communications at headquarters, but our discomfort grows in direct proportion with the distance our messages have to travel from our offices.

In the days leading up to the workshop, I grew more nervous. The proposal I submitted was for a one-hour session; the ECOA asked me if I’d be willing to do a workshop instead. I never say no to requests like that, and I put together some exercises and worksheets so that attendees could get over the initial hump of inertia. There’s always a risk with workshops, though, that the exercises aren’t quite right or that participants will just not participate (this often happens when the weather outside is sunny and beautiful). My workshop was also in the afternoon, slotted from 1-4pm, primetime for post-prandial somnolence (i.e., food coma).

It was a rousing session. My participants weren’t as interested in getting work done as much as they were hungry to hear new ideas from each other. I showed them a few things that I’ve done for clients, and luckily, it was enough seeding for all of them to share tactics that had been successful (or not) for them and to offer each other advice. It would have been easier to march everyone through the exercises I planned, but it was exhilarating to facilitate the conversations and surface the teaching and insight everyone had to share in the room.

A friend and I were talking about the reasons so many conferences are held in Las Vegas, because neither one of us is a fan of Las Vegas, but she’s going to have to spend three weeks there over the next two months. I explained that conferences tend to be boondoggles, where people attend a few sessions but mostly play golf, get massages, or gamble; conference organizers know that they’re more likely to get people to register and “attend” the conference if they hold the conferences in Las Vegas.

My workshop yesterday reminded me of how much you can get out of a conference if you use it the right way. In C&E, we’re apt to miss the forest for the trees. We get buried so deep in the complex issues that we deal with on a daily basis that we forget that we’re not alone in dealing with those issues. I can’t say for sure how much value participants in my session got, but I saw a lot of people excitedly taking notes, nobody fell asleep, and people looked like they were leaving energized. It’s a good reminder that we’re all in this together, and almost everyone is willing to lend a helping hand if we ask for it.

[I’ll be at the Ethics and Compliance Officer Association (ECOA) Annual Ethics and Compliance Conference (AECC) next week in Chicago. I’m giving a pre-conference workshop on September 24 on global communications. It has the incredibly long title of “Beyond E-mail: C&E Communication for a Global, Distributed Audience (or How Do I Communicate with People Who Don’t Have Access to Computers or Who Don’t Speak English as Their Primary Language).” If you’ll be at the AECC, too, please come find me and say hello!]

It’s hard to face the news every day because so much of what’s on the front pages, paper or electronic, of the world’s newspapers is grim. Even when you immerse yourself in the news about compliance and ethics (C&E), the news tends to be discouraging – C&E failures sell papers; C&E successes do not ( “We have business conduct standards, everyone follows them, and nothing terrible happens.”)

It takes stepping outside the bubble to be reminded of why the failures keep happening. Our businesses are not mechanical or digitized systems. Our businesses are made of people who all have their own interests and hobbies and priorities. We assume that C&E is in that swirl somewhere, but I’m not so sure.

A friend and I went to a wine bar in Austin over the weekend. We ordered our glasses of wine and continued our conversation from earlier in the evening, when we were interrupted by the two gentlemen sitting to our right. They asked the usual questions about what we did for a living. She is a Chief Compliance Officer; I am a C&E consultant. Both of them were stumped by the term “compliance and ethics” despite having been in the white collar workforce for at least 25 years. After some explanation, the usual jokes started about not being compliant or ethical at their employers (both “large, international software companies”).

The jokes weren’t all that funny, but in their context, they weren’t meant to offend. What I did find funny was that when we started having a deeper conversation about the things that are probably going wrong at their companies, they didn’t believe us. We explained about corruption and conflicts of interest. Both of these men were confused by the topics and were incredulous that large companies cared about these issues.

I don’t want to be one of those people who draws huge conclusions from a sample of two guys making conversation because they were bored, but it turns out that I am. These two men are the mythical “average employee.” C&E rings only the dimmest of bells for them. They have not been keeping up with the news about GSK and JP Morgan – in fact, they didn’t know that anything out of the ordinary was happening with these companies. We didn’t get into any details, but I’d bet $20 that if you described the underlying allegations that have GSK and JP Morgan in the news without any mention of C&E or the law, that neither of these gentlemen would immediately assume that the companies had done anything wrong.

I’m actually encouraged by this. If the primary reason that people don’t come forward to report misconduct is because they didn’t know what they were seeing was misconduct, we can fix that. We can fix it with more effective communications and training, and we can fix it by getting out of our offices and having genuine conversations with our employees. (I do not recommend doing it at a wine bar in Austin.)

I was in Australia last week on vacation and got caught in a disconcerting conversation with the taxi driver who took my friend and me from the Sydney airport to our hotel. The conversation started innocuously enough, with him asking us where we were from, and us asking him the same. It turned out that he was from Afghanistan and had been in Australia for 20 years. He told us that much of his family was still there despite him trying to get them to Australia. I noted that it’s difficult to emigrate to Australia, and that’s when what I thought was idle chitchat took an unexpected turn.

The cabbie told us that it is indeed difficult to emigrate to Australia unless you know the right people to bribe and have a lot of money. He said that there were several people in the immigration department who had made millions and millions of dollars in $25,000 chunks by bringing in hundreds and hundreds of their own “family” members. As I was trying to wrap my mind (which was hazy from jet lag) around what he was saying, he went on to tell us how dangerous it is in Afghanistan. He said that thieves were rampant and that they’d moved on to include stealing people – kidnapping. Apparently, the son of a wealthy businessman in the town where the driver’s family lived got snatched off the street and held for a steep ransom. The businessman was able to negotiate the price down, and he paid it, but the kidnappers had beaten his son so severely that the son was unable to recognize his parents.

The driver told us that most of the people in the Afghani government are criminals. He said that there is a drug ministry, but that instead of preventing the drug trade, the ministry facilitates it. This ministry has helicopters waiting to take opium to former Communist-bloc countries. The driver told us that there’s a remote place in the mountains where the highest quality opium is grown, fed by purified water. According to him, it’s the CIA that purifies the water for the opium. The criminals in the Afghani government all work for the CIA, including the minister in charge of drugs, and that the CIA is responsible for distributing opiates to the former Communist-bloc countries to keep the populations there quiet and muddled.

The drive from the airport to the central business district in Sydney is only thirty minutes, and as you can see, we got a lot of information from him during that time. (We got more than this, but this is enough to get a good flavor for the ride.) I think part of the reason he was so open in his conversation is a quirk in taking cabs in Australia, which is that the first seat a fare occupies is the passenger seat in the front rather than the back.

I don’t know where you are on the scale of conspiracy theorists. I don’t think many of us have the perspective (or security clearance) to affirmatively confirm or deny what the cabbie relayed to us. What I do know is that the driver believed in his heart that all of what he told us is fact, and that we wouldn’t have heard what he had to say if one of us hadn’t been in the front seat.

All of this to say that throughout our organizations, employees are making, collecting, and sharing stories. Some of them may be more true than others: HQ approves of us using the travel agency to create a secret fund to encourage doctors and hospitals to use our products; management wants us to hire the sons and daughters of government officials to facilitate us the award of certain projects to us; the company talks about the Code of Conduct and expectations of how we do business, but here’s the way it really works.

We do a lot of traveling as compliance & ethics (C&E) professionals, primarily to do training or to run investigations. Both of those instances are the equivalent of riding in the back seat of an Australian taxi – the formality creates a divide between the person with the stories and the right audience. It’s up to us in C&E to figure out how to get in the front seat of the taxi and find out what our employees are really thinking.

[On this 12th anniversary of one of the worst days in U.S. history, I hope you’ll take a minute to remember all of the people who lost their lives and their loved ones but also the resilience and spirit of community that got us through the aftermath.]

[I’m on vacation this week, so I’m reposting this article, which originally appeared as a guest post on Tom Fox’s blog. Thanks, as always, to Tom for his support and generosity.]

It’s been years since I had a subscription for paper delivery of the news. I read the news either on my computer or on my phone, and I tend to skim the headlines until I see one that interests me (usually an article on the most recent compliance & ethics failure). A few weekends ago, I visited friends who still have the Sunday New York Times delivered to their home, and as I sipped coffee, leafing through their paper, I stumbled across an item I would have missed electronically: “The Whistle-Blower’s Quandary.”

The authors of this piece, found in the Opinion section, are a trio of professors who did a series of studies on why and when people blow the whistle. The article starts with an obligatory mention of Edward Snowden, and I almost moved onto the next item in the paper, but their definition of whistleblower caught my attention: “research participants… [who] witnessed unethical behavior and reported it.” This is the behavior we in C&E try to encourage among our employees, and so, intrigued, I kept reading.

In one of the studies, the participants were asked to describe a time that they witnessed an ethical failure, reported it, and why; they were also asked to describe a time that they witnessed an ethical failure, did not report it, and why. In analyzing these responses, the authors found something interesting. When the participants who reported ethical failures described their actions, they “use[d] ten times as many terms related to fairness and justice, whereas non-whistle-blowers [sic] use[d] twice as many terms related to loyalty.” The short piece concludes that if we want our employees to come forward and report the ethical failures that they witness, we need to be emphasizing fairness and justice in our Codes of Conduct, communications, and training, as those are the concepts that encourage speaking up, where emphasizing loyalty will encourage silence.

This reminded me of one of Matt Kelly’s blog posts at Compliance Week, when Kelly reported the conversations that he facilitated with a group of CCEOs on the topic of cultivating C&E leadership. One of the CCEOs at the roundtable said, “The reward for good conduct is keeping your job.” But as Kelly correctly notes, “That approach can convince an individual employee not to violate your Code of Conduct, to be sure. But it does not necessarily inspire him to call out other misconduct, when that is exactly what compliance officers desperately need.” Kelly framed his post with the concept of allegiance, that what CCEOs need are employees who are allegiant, or loyal, to our companies, “people who will act as advocates for the company’s best interests.”

In his blog post, Kelly noted that expecting this level of loyalty from our employees may be a hard sell. Modern companies exist to make money for their shareholders. This has caused a situation where we’re all focused on hitting quarterly goals so that we don’t spook Wall Street. It creates situations where companies don’t, or maybe can’t, exhibit any behaviors that would inspire the kind of loyalty we’re looking for in our employees. We operate in a business culture where companies that prioritize the satisfaction of their employees are studied and celebrated like the rarities they are, but then we don’t emulate them.

Does the piece in the Times mean that we can stop worrying about loyalty and that we should instead focus on fairness and justice? Nothing in life is ever that simple.

A few years ago, the Compliance and Ethics Leadership Council did research into what the leading indicators of misconduct are, i.e., the signs that tell us in advance that we’re more likely to find misconduct at our companies. CELC found that that one of the top leading indicators of misconduct is when employees identify more closely with their individual work groups or departments than they do with the company as a whole. (You can see versions of this at play in many Sales departments and in one of the justifications for violating the Foreign Corrupt Practices Act: “this is how WE do business [insert relevant region here.]”) In follow up research, CELC also found that one of the primary reasons employees don’t report the misconduct that they witness is because they don’t think that the company will do anything about it. Employees don’t believe that there will be what CELC calls “organizational justice,” where wrongdoers get punished.

What all of this boils down to for me is that fairness and loyalty don’t oppose each other, as the professors posited. Loyalty reflects fairness, is an accurate measure of how fair we are. If we consistently enforce our own rules and standards of business conduct, employees will exhibit loyalty by speaking up when they see misconduct. If they see evidence that the company takes its own rules seriously, employees will exhibit loyalty by following the company’s lead and also take the rules seriously. If, however, we make exceptions in how we enforce our rules and standards of business conduct (e.g., we can’t fire John because he’s our top performer even though we know he’s unethical; we’re not going to dig deeper into why we were able to penetrate a new market so quickly because we only care about being successful and not how we were successful), employees will exhibit loyalty by keeping silent and enabling the misconduct.

If we can’t back them up with visible action, sprinkling the words “fairness” and “justice” instead of “loyalty” into our Codes and communications and training won’t inspire the kind of loyalty Kelly and his roundtable of CCEOs want. “Actions speak louder than words” is a cliché for a reason. It may be overused, but ignoring it or discounting it won’t make the underlying wisdom go away.

In a previous job during an intensive training session, two of my peers stood at the front of the classroom and used some recent sales research findings to illustrate the difference between fact and insight. One of the facts they discovered was that, “Bad managers are poison.” They had data to back it up. The insight, though, was more powerful: “They should be identified and removed.”

I’ve often wondered what qualifies someone as an official “bad manager” outside the sales context. We’ve all had bad managers, but what makes a manager bad enough that she needs to be identified and removed? Is it something we should measure only within the context of his job description, or should the way she comports herself in her personal life matter?

Many people would say no. In the weeks that followed publication of this guest post at Tom Fox’s blog, I got e-mails from people saying that what happened between Tracy and her junior colleague was a personal matter between two consenting adults that didn’t warrant termination of Tracy’s employment. Obviously, the company disagreed.

In the past, I’ve split the difference, taking the relativist’s way out. I’ve condemned the personal behavior, suggested termination, but ultimately left the decision in someone else’s hands to determine whether ethical failures in our personal lives should impact our professional ones. This puts me in the camp of people who believe that someone can be a rotten human being but still be effective at their jobs.

A couple of weeks ago, scholars released results of a study that showed that Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs) who break small laws and flaunt their wealth are more likely to take liberties about their company’s financials. I’ve simplified the findings, but that was the crux. It reminded me of Brian Martin’s advice to young attorneys looking for corporate jobs to avoid the ones where C&E isn’t a priority of the CEO because their tenure at the company will feel like an eternity of frustration.

That position seemed extreme to me at the time, but with the recent, splashy failures at Wal-Mart, GSK, and JP Morgan, I’m rethinking my position. We in C&E spend a large chunk of our time trying to change the hearts and minds of our employees. I wonder if we should be spending an equal amount of time educating Boards and shareholders about the slippery slopes of personal ethical failures. I’m worried about how many managers and CEOs will be left standing after we identify and remove the poisonous ones.

By now you probably know that the U.S. government is investigating J.P. Morgan for violations of the FCPA. To recap, the SEC alleges that J.P. Morgan hired the children of Chinese government officials for the purpose of gaining a business advantage.

Once the initial furor died down, I started to see articles that wished the SEC “good luck” in proving that J.P. Morgan did anything wrong. The authors of these articles imply that the SEC is trying to make nepotism illegal, and the one I read most recently uses the character Pete Campbell from “Mad Men” as an example. Pete Campbell is hired and saved from being fired at the advertising agency because of the access that his wealth and privilege afford him to influential people who make decisions about which advertising agency their companies will use. One of these people is his father-in-law, whose company purchases services from Pete’s firm.

Here’s the thing, though. Setting aside for a moment that Pete’s father-in-law is not a government official, this kind of behavior isn’t ok in the U.S., either. It may not trigger an SEC or DOJ investigation. But it’s certainly going to get the attention of the Chief Compliance & Ethics Officer and the General Counsel, because the behavior I’ve summarized above is a violation of the conflicts of interest policy and the Code of Business Conduct of most companies (including J.P. Morgan’s). There probably wouldn’t be a government investigation, but Pete Campbell’s father could lose his job.

The better example in the U.S. is when high-ranking military folks retire and then go work for government contractors, like Boeing or Booz Allen (where I once worked). Companies leap at the chance to hire these folks at big salaries because of the contacts they have and their deep understanding of the internal infrastructures and politics that determine who will win a contract. This is legal, and it happens all the time. The difference is that there are strict rules governing who wins a contract. And while some of the reasoning underpinning those decisions may fall in a gray area, the companies that win contracts are arguably the most qualified companies for the project according to the requirements of the RFP. In addition, the retired military folks have the required qualifications to do their jobs. When we don’t see the RFP process unfold the way it’s supposed to or when the people who are hired don’t have the requisite qualifications, we tend to see those stories on the front page of the Washington Post.

We don’t have the full story yet on J.P. Morgan, but I wouldn’t be as sanguine about the SEC’s ability to find proof that J.P. Morgan did something wrong as some other folks have been. If the sons and daughters that were hired don’t have the qualifications to do their jobs; if exceptions were made in the usual hiring process to bring them into the company; and if the process by which J.P. Morgan got business from the parent Chinese government officials was not the usual process, then the naysayers might need to revise their view of the world.